
GuardianShield

Universal AI security layer — protect every AI coding agent with code scanning, PII detection, prompt injection defense, secret detection, and audit logging.

MCP Server · Apache-2.0 · Python 3.9+ · Zero Dependencies
pip install guardianshield
16 MCP Tools
5 Safety Profiles
75+ Detection Patterns
0 Dependencies

Threats AI Agents Face

AI coding agents operate with broad access to your codebase, secrets, and infrastructure. Without guardrails, they can introduce or leak critical security issues.

Secret Leakage

API keys, tokens, and credentials accidentally committed to code or exposed through AI-generated output.

Prompt Injection

Malicious instructions hidden in code comments, issues, or data that hijack AI agent behavior.

PII Exposure

Personal data — SSNs, emails, credit cards — leaking through AI-generated code or responses.

Code Vulnerabilities

SQL injection, XSS, command injection, and path traversal patterns introduced by AI agents.

How GuardianShield Protects

GuardianShield sits between your AI agent and your codebase and scans every interaction in real time: the prompts going in, the code and text coming out, and the files and dependencies the agent touches.

Code Scanning

Detects SQL injection, XSS, command injection, path traversal, and insecure functions before code is committed.

Secret Detection

12+ patterns catch AWS keys, GitHub tokens, Stripe keys, JWTs, private keys, and database credentials.

Injection Defense

9+ heuristic patterns identify instruction overrides, role hijacking, ChatML injection, and jailbreak attempts. Pattern matching catches known phrasings; treat it as one layer alongside least-privilege tool permissions for the agent, not as a complete defense.

PII Detection

Catches emails, SSNs, credit cards, phone numbers, and IP addresses — with automatic redaction.

Dependency Scanning

Checks project dependencies for known CVEs using a local-first OSV.dev vulnerability cache.

Language-Aware

75+ patterns across Python and JS/TS with CWE mapping — auto-detected from file extension.
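The page describes regex patterns with CWE mapping. As an added example, not GuardianShield's code, the checker below does the same job for Python on the syntax tree instead. That is what lets it flag the f-string execute() and skip the parameterised one on the next line, and flag yaml.load() while passing the SafeLoader call beside it, which a line-oriented regex cannot tell apart. Check names, messages and the sample file are assumptions for the example; the CWE ids are the standard ones for each weakness.

```python
import ast
import os
from typing import List, Tuple

# Illustrative AST checks written for this page; not GuardianShield's pattern set.
SHELL_SINKS = {"os.system", "os.popen"}
SUBPROCESS_FUNCS = {"subprocess.run", "subprocess.call", "subprocess.check_call",
                    "subprocess.check_output", "subprocess.Popen"}
INSECURE_CALLS = {
    "eval": ("CWE-95", "eval() evaluates its argument as code"),
    "exec": ("CWE-95", "exec() evaluates its argument as code"),
    "pickle.load": ("CWE-502", "pickle deserialises arbitrary objects"),
    "pickle.loads": ("CWE-502", "pickle deserialises arbitrary objects"),
    "hashlib.md5": ("CWE-328", "MD5 is not collision resistant"),
    "hashlib.sha1": ("CWE-328", "SHA-1 is not collision resistant"),
}
UNSAFE_YAML_LOADERS = {"yaml.Loader", "yaml.UnsafeLoader", "Loader", "UnsafeLoader"}

Finding = Tuple[int, str, str]  # (line, CWE id, message)


def dotted_name(node: ast.AST) -> str:
    """'os.system' for an attribute chain, 'eval' for a bare name, '' otherwise."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else node.attr
    return ""


def is_dynamic_string(node: ast.AST) -> bool:
    """f-string, '+' or '%' formatting, or str.format(): text assembled at runtime."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")


class Checker(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def report(self, node: ast.AST, cwe: str, msg: str) -> None:
        self.findings.append((node.lineno, cwe, msg))

    def visit_Call(self, node: ast.Call) -> None:
        name = dotted_name(node.func)
        kwargs = {k.arg: k.value for k in node.keywords if k.arg}
        if name == "execute" or name.endswith(".execute"):
            if node.args and is_dynamic_string(node.args[0]):
                self.report(node, "CWE-89", "SQL built by string formatting; pass parameters instead")
        elif name in SHELL_SINKS:
            self.report(node, "CWE-78", f"{name}() hands a command line to the shell")
        elif name in SUBPROCESS_FUNCS:
            shell = kwargs.get("shell")
            if isinstance(shell, ast.Constant) and shell.value is True:
                self.report(node, "CWE-78", f"{name}(shell=True); pass an argv list instead")
        elif name == "yaml.load":
            loader = kwargs.get("Loader")
            if loader is None or dotted_name(loader) in UNSAFE_YAML_LOADERS:
                self.report(node, "CWE-502", "yaml.load without SafeLoader")
        elif name in INSECURE_CALLS:
            self.report(node, *INSECURE_CALLS[name])
        elif name == "open" and node.args and is_dynamic_string(node.args[0]):
            self.report(node, "CWE-22", "path assembled from dynamic data; resolve it and check it stays under the base dir")
        self.generic_visit(node)


def python_findings(source: str) -> List[Finding]:
    checker = Checker()
    checker.visit(ast.parse(source))
    return sorted(checker.findings)


# Dispatch on extension as the page describes; only Python has a checker here.
SCANNERS = {".py": python_findings}


def scan_source(filename: str, source: str) -> List[Finding]:
    ext = os.path.splitext(filename)[1].lower()
    if ext not in SCANNERS:
        raise ValueError(f"no scanner for {ext or 'files without an extension'}")
    return SCANNERS[ext](source)


# Constructed sample: each vulnerable call sits next to its safe counterpart.
SAMPLE = '''\
import os, subprocess, sqlite3, pickle, yaml, hashlib

def lookup(conn, user):
    cur = conn.cursor()
    cur.execute(f"SELECT * FROM users WHERE name = '{user}'")
    cur.execute("SELECT * FROM users WHERE name = ?", (user,))
    return cur.fetchall()

def run(cmd, path, blob, doc):
    os.system("ls " + path)
    subprocess.run(cmd, shell=True)
    subprocess.run(["ls", path])
    data = pickle.loads(blob)
    cfg = yaml.load(doc)
    safe = yaml.load(doc, Loader=yaml.SafeLoader)
    digest = hashlib.md5(blob).hexdigest()
    return open("/var/data/" + path).read()
'''

if __name__ == "__main__":
    for line, cwe, msg in scan_source("sample.py", SAMPLE):
        print(f"sample.py:{line}: {cwe}: {msg}")
```

Unknown extensions raise rather than returning an empty list, so a directory walk can count skipped files instead of reporting them as clean.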

16 MCP Tools

Every security capability is exposed as a standard MCP tool — callable from any compatible AI client.

scan_code

Analyze source code for vulnerabilities, insecure patterns, and embedded secrets.

scan_input

Check user prompts and inputs for prompt injection and manipulation attempts.

scan_output

Scan AI-generated output for PII leaks, sensitive content, and policy violations.

check_secrets

Detect API keys, tokens, passwords, and credentials in any text.

get_profile

Retrieve the current safety profile configuration and active rules.

set_profile

Switch between safety profiles — general, education, healthcare, finance, children.

audit_log

Query the SQLite audit trail of all scans, findings, and security events.

get_findings

Retrieve security findings filtered by severity, type, or time range.

shield_status

Check the health and configuration of your GuardianShield instance.

scan_file

Scan a single source file with auto language detection from extension.

scan_directory

Recursively scan a directory with extension filtering and progress streaming.

test_pattern

Test custom regex patterns against sample code — returns matches with positions.

check_dependencies

Check project dependencies for known CVEs via a local OSV.dev cache.

sync_vulnerabilities

Sync the local OSV vulnerability database for PyPI, npm, Go, and Packagist ecosystems.

parse_manifest

Parse any supported manifest file into structured dependency objects for analysis.

scan_dependencies

Scan a directory for manifest files and check all dependencies for known vulnerabilities.
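How parse_manifest, check_dependencies and the local OSV cache fit together, as an added example that is not GuardianShield's implementation: a requirements.txt parser that separates exact pins from lines it cannot check, and a matcher for OSV ECOSYSTEM ranges run against an in-memory cache, so it works offline. The cache entries, package names and advisory ids are constructed for the example (nothing here is a real advisory), and version ordering is a dotted-numeric simplification with no PEP 440 pre-release handling.

```python
import re
from typing import Dict, List, Tuple

# Illustrative manifest parser and OSV-range matcher for this page; not
# GuardianShield's code. Cache records follow the OSV schema's shape but are
# constructed: fictional packages, fictional ids.

Pin = Tuple[str, str]       # (normalised package name, exact version)
Hit = Tuple[str, str, str]  # (package, version, advisory id)


def normalise(name: str) -> str:
    """PEP 503 normalisation so Example_YAML and example-yaml compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> Tuple[List[Pin], List[str]]:
    """Exact '==' pins can be checked against OSV events; ranges, URLs and
    options are returned separately so they are reported, not silently skipped."""
    pinned, unchecked = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line or line.startswith("-"):
            continue                          # blank line or pip option
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.]*)$", line)
        if m:
            pinned.append((normalise(m.group(1)), m.group(2)))
        else:
            unchecked.append(line)
    return pinned, unchecked


def vkey(version: str) -> Tuple[int, ...]:
    """Dotted-numeric order only (assumption: no PEP 440 pre-release rules)."""
    parts = [int(p) if p.isdigit() else 0 for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()                           # so 2.31 == 2.31.0
    return tuple(parts)


def version_affected(version: str, ranges: List[dict]) -> bool:
    """OSV ECOSYSTEM ranges list sorted events; the last event at or below the
    version decides: 'introduced' turns affected on, 'fixed' turns it off,
    'last_affected' keeps it on up to and including that version."""
    v = vkey(version)
    for rng in ranges:
        if rng.get("type") != "ECOSYSTEM":
            continue                          # SEMVER/GIT ranges need their own comparator
        affected = False
        for ev in rng.get("events", []):
            if "introduced" in ev and vkey(ev["introduced"]) <= v:
                affected = True
            elif "fixed" in ev and vkey(ev["fixed"]) <= v:
                affected = False
            elif "last_affected" in ev and vkey(ev["last_affected"]) < v:
                affected = False
        if affected:
            return True
    return False


CACHE: Dict[str, List[dict]] = {
    "PyPI": [
        {"id": "OSV-EXAMPLE-0001", "summary": "example-http: header injection (constructed)",
         "affected": [{"package": {"ecosystem": "PyPI", "name": "example-http"},
                       "ranges": [{"type": "ECOSYSTEM",
                                   "events": [{"introduced": "0"}, {"fixed": "2.31.0"}]}]}]},
        {"id": "OSV-EXAMPLE-0002", "summary": "example-yaml: unsafe load (constructed)",
         "affected": [{"package": {"ecosystem": "PyPI", "name": "example-yaml"},
                       "ranges": [{"type": "ECOSYSTEM",
                                   "events": [{"introduced": "5.0"}, {"last_affected": "5.3.1"}]}]}]},
    ]
}


def check_dependencies(pins: List[Pin], ecosystem: str = "PyPI", cache=CACHE) -> List[Hit]:
    hits = []
    for name, version in pins:
        for rec in cache.get(ecosystem, []):
            for aff in rec.get("affected", []):
                pkg = aff.get("package", {})
                if pkg.get("ecosystem") != ecosystem or normalise(pkg.get("name", "")) != name:
                    continue
                if version_affected(version, aff.get("ranges", [])):
                    hits.append((name, version, rec["id"]))
    return hits


REQUIREMENTS = """\
# constructed requirements.txt
example-http==2.30.0      # below the fixed version
Example_YAML==5.3.1       # equals last_affected, which is inclusive
example-json==1.0         # no advisory in the cache
flask>=2.0                # a range, not a pin: cannot be matched, so it is reported
"""

if __name__ == "__main__":
    pins, unchecked = parse_requirements(REQUIREMENTS)
    for hit in check_dependencies(pins):
        print("VULNERABLE", *hit)
    for line in unchecked:
        print("UNCHECKED ", line)
```

Reporting the unchecked lines matters in practice: a scan that only looks at exact pins and stays quiet about `flask>=2.0` reads as a clean result when it is really a partial one.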

Works Everywhere

One install. Every AI editor. GuardianShield speaks MCP — the universal protocol for AI tool integration.

Claude Code, VS Code, Cursor, Windsurf, Claude Desktop, OpenSpek, Gemini, Grok, Codex, and any other MCP client.

Quick Setup

Claude Code (CLI)
claude mcp add guardianshield -- guardianshield-mcp

VS Code (.vscode/mcp.json)
{
  "servers": {
    "guardianshield": {
      "type": "stdio",
      "command": "guardianshield-mcp"
    }
  }
}

Cursor (.cursor/mcp.json)
{
  "mcpServers": {
    "guardianshield": {
      "command": "guardianshield-mcp"
    }
  }
}

Claude Desktop (claude_desktop_config.json)
{
  "mcpServers": {
    "guardianshield": {
      "command": "guardianshield-mcp"
    }
  }
}
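After wiring up one of the configs above, a useful first check is to talk to the server the way the editor will. The script below is an added example, not part of GuardianShield, that drives the MCP stdio transport directly: JSON-RPC 2.0 messages, one per line on the server's stdin, in the order the protocol requires (initialize, the initialized notification, then tools/list), and compares the advertised tool names with the 16 listed on this page. The client name and version, the assumption that guardianshield-mcp is on PATH and exits when stdin closes, and the constructed server output used for the offline run are all assumptions of the example.

```python
import json
import shutil
import subprocess
from typing import Dict, List, Optional, Set

# Smoke test written for this page; not GuardianShield code. Tool names are
# the 16 the page lists; everything about the client side is assumed.
EXPECTED_TOOLS: Set[str] = {
    "scan_code", "scan_input", "scan_output", "check_secrets",
    "get_profile", "set_profile", "audit_log", "get_findings",
    "shield_status", "scan_file", "scan_directory", "test_pattern",
    "check_dependencies", "sync_vulnerabilities", "parse_manifest",
    "scan_dependencies",
}


def request(req_id: int, method: str, params: Optional[dict] = None) -> str:
    msg = {"jsonrpc": "2.0", "id": req_id, "method": method}
    if params is not None:
        msg["params"] = params
    return json.dumps(msg) + "\n"   # stdio transport: one message per line, no embedded newlines


def notification(method: str) -> str:
    return json.dumps({"jsonrpc": "2.0", "method": method}) + "\n"   # no id: no reply expected


def handshake() -> List[str]:
    """initialize -> notifications/initialized -> tools/list."""
    return [
        request(1, "initialize", {
            "protocolVersion": "2024-11-05",
            "capabilities": {},
            "clientInfo": {"name": "guardianshield-smoke", "version": "0.0.1"},  # assumed client identity
        }),
        notification("notifications/initialized"),
        request(2, "tools/list"),
    ]


def parse_responses(stdout: str) -> Dict[int, dict]:
    """Index replies by id; server notifications and blank lines are ignored."""
    responses: Dict[int, dict] = {}
    for line in stdout.splitlines():
        if not line.strip():
            continue
        msg = json.loads(line)
        if "id" in msg and ("result" in msg or "error" in msg):
            responses[msg["id"]] = msg
    return responses


def missing_tools(tools_list_result: dict) -> Set[str]:
    advertised = {t["name"] for t in tools_list_result.get("tools", [])}
    return EXPECTED_TOOLS - advertised


def probe(command: str = "guardianshield-mcp", timeout: float = 20) -> Optional[Set[str]]:
    """Run the server, feed it the handshake, return the tools it did not
    advertise (empty set: all 16 present); None if the command is not installed."""
    if shutil.which(command) is None:
        return None
    proc = subprocess.run([command], input="".join(handshake()),
                          capture_output=True, text=True, timeout=timeout)
    reply = parse_responses(proc.stdout).get(2)
    if not reply or "result" not in reply:
        raise RuntimeError(f"no tools/list result; stderr tail: {proc.stderr[-300:]}")
    return missing_tools(reply["result"])


# Constructed server output for the offline run: a server that forgot shield_status.
SAMPLE_STDOUT = (
    json.dumps({"jsonrpc": "2.0", "id": 1, "result": {
        "protocolVersion": "2024-11-05", "capabilities": {"tools": {}},
        "serverInfo": {"name": "guardianshield", "version": "0.0.0"}}}) + "\n"
    + json.dumps({"jsonrpc": "2.0", "id": 2, "result": {"tools": [
        {"name": n, "description": "", "inputSchema": {"type": "object"}}
        for n in sorted(EXPECTED_TOOLS - {"shield_status"})]}}) + "\n"
)

if __name__ == "__main__":
    print("offline sample missing:", sorted(missing_tools(parse_responses(SAMPLE_STDOUT)[2]["result"])))
    live = probe()
    if live is None:
        print("guardianshield-mcp not on PATH")
    else:
        print("live server missing:", sorted(live) or "nothing, all 16 advertised")
```

If a server ignores EOF on stdin, subprocess.run raises TimeoutExpired after the timeout and kills it; that is the intended failure mode for a smoke test rather than a hang.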

Safety Profiles

Pre-configured security policies for different industries and use cases. Switch profiles with a single MCP call.


General

Balanced defaults for everyday development


Education

Content safety for learning environments


Healthcare

HIPAA-aware PII and PHI protection


Finance

Secret handling aligned with PCI DSS requirements


Children

Maximum content filtering and safety

Core Features


Zero Dependencies

Pure Python stdlib: nothing to resolve at install time and no third-party packages in the dependency tree to audit.


Audit Trail

Every scan logged to SQLite with SHA-256 hashed inputs — never stores raw data.


Auto Redaction

Secrets and PII are automatically redacted in all findings and logs.


Composable

Use as MCP server, Python library, or integrate into CI/CD pipelines.


Configurable

Sensitivity levels, custom patterns, and per-scanner toggles via profiles.


Apache-2.0

Free forever under Apache-2.0, which includes an express patent license from contributors: open source that stays open. Security for humanity.


CWE Mapping

Every finding links to CWE IDs — trace vulnerabilities to the industry-standard weakness catalog.


Dependency Scanning

Local-first OSV.dev integration — check PyPI, npm, Go, and Packagist packages for known CVEs offline.
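What the Audit Trail and Auto Redaction features above amount to in practice, as an added example that is not GuardianShield's schema or code: a SQLite log that stores a digest of each scanned input plus the already-redacted findings, and never the input itself. One caveat the page does not spell out: an unkeyed SHA-256 of a short value such as an API key can be confirmed by anyone who holds the log and hashes candidate values, so this example keys the digest with a per-deployment secret (HMAC-SHA-256). That keeps the useful property, repeat scans of the same input share a digest and can be correlated, without the guessable one. The key, table layout, severity scale and sample findings are assumptions; the secret value is the one from AWS's own documentation example.

```python
import hashlib
import hmac
import json
import sqlite3
import time
from typing import Dict, List

# Illustrative audit store for this page; not GuardianShield's schema.
# Assumption: the HMAC key comes from a secret store and is stable across
# runs, otherwise digest lookups stop matching after a restart.

SEVERITY_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

SCHEMA = """
CREATE TABLE IF NOT EXISTS audit (
    id           INTEGER PRIMARY KEY,
    ts           REAL NOT NULL,
    tool         TEXT NOT NULL,
    input_hmac   TEXT NOT NULL,
    max_severity TEXT NOT NULL,
    findings     TEXT NOT NULL      -- JSON list; already redacted when it arrives
);
CREATE INDEX IF NOT EXISTS audit_by_input ON audit (input_hmac);
"""


def input_digest(text: str, key: bytes) -> str:
    """Keyed SHA-256 of the scanned input. Same text, same digest, so repeats
    correlate; without the key nobody can test whether a guessed value is in the log."""
    return hmac.new(key, text.encode("utf-8"), hashlib.sha256).hexdigest()


class AuditLog:
    def __init__(self, key: bytes, path: str = ":memory:") -> None:
        self.key = key
        self.conn = sqlite3.connect(path)
        self.conn.executescript(SCHEMA)

    def record(self, tool: str, raw_input: str, findings: List[Dict]) -> int:
        """Write digest, worst severity and redacted findings; raw_input is never stored."""
        worst = max((f.get("severity", "none") for f in findings),
                    key=lambda s: SEVERITY_RANK[s], default="none")
        cur = self.conn.execute(
            "INSERT INTO audit (ts, tool, input_hmac, max_severity, findings) VALUES (?, ?, ?, ?, ?)",
            (time.time(), tool, input_digest(raw_input, self.key), worst, json.dumps(findings)),
        )
        self.conn.commit()
        return cur.lastrowid

    def times_seen(self, raw_input: str) -> int:
        """How often this exact input was scanned: a digest lookup, no plaintext involved."""
        row = self.conn.execute("SELECT COUNT(*) FROM audit WHERE input_hmac = ?",
                                (input_digest(raw_input, self.key),)).fetchone()
        return row[0]

    def at_least(self, severity: str) -> List[Dict]:
        rows = self.conn.execute(
            "SELECT id, tool, max_severity, findings FROM audit ORDER BY id").fetchall()
        return [{"id": i, "tool": t, "max_severity": s, "findings": json.loads(f)}
                for i, t, s, f in rows if SEVERITY_RANK[s] >= SEVERITY_RANK[severity]]

    def dump_sql(self) -> str:
        """The whole database as SQL text, used to show no plaintext reached disk."""
        return "\n".join(self.conn.iterdump())


# Constructed sample: the finding is what a scanner hands over after redaction.
SECRET_LINE = "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
REDACTED_FINDINGS = [{"kind": "aws_secret_access_key", "severity": "critical",
                      "redacted": "wJal" + "*" * 36}]


def demo(key: bytes = b"example-per-deployment-key") -> AuditLog:
    log = AuditLog(key)
    log.record("check_secrets", SECRET_LINE, REDACTED_FINDINGS)
    log.record("check_secrets", SECRET_LINE, REDACTED_FINDINGS)  # repeat: same digest
    log.record("scan_input", "print('hello')", [])
    return log


if __name__ == "__main__":
    log = demo()
    print("secret line scanned", log.times_seen(SECRET_LINE), "times")
    print("entries at high or above:", [r["id"] for r in log.at_least("high")])
    print("plaintext secret in database:", "wJalrXUtnFEMI" in log.dump_sql())
```

Storing the worst severity in its own column keeps the get_findings-style filter a plain indexed query; the JSON column carries the detail without the log ever needing the raw text back.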

How GuardianShield Compares

Columns compared: NeMo Guardrails, Guardrails AI, Llama Guard, Presidio, GuardianShield

Code Scanning
Secret Detection
Prompt Injection (Partial in one compared tool)
PII Detection (Partial in one compared tool)
Content Moderation
Audit Logging
Safety Profiles
MCP Integration
Zero Dependencies
File-Level Scanning
Dependency Scanning (Partial in one compared tool)
CWE Mapping
Finding Dedup
Response Redaction
Manifest Parsing
Directory Dep Scan

Features covered: NeMo Guardrails 1 of 16, Guardrails AI 2 of 16, Llama Guard 2 of 16, Presidio 1 of 16, GuardianShield 16 of 16

Secure Your AI Agents Today

pip install guardianshield